OASIS Common Security Advisory Framework (CSAF) Technical Committee Update CERT VENDOR MEETING FEBRUARY 13, 2017


Agenda

Introduction to the OASIS Common Security Advisory Framework (CSAF) Technical Committee.

Transition of the Common Vulnerability Reporting Framework (CVRF) to OASIS.

CVRF version 1.2 Update.

CSAF Roadmap.

Q&A


Introduction to CSAF

The OASIS CSAF Technical Committee is chartered to make a major revision to the Common Vulnerability Reporting Framework (CVRF) under a new name for the framework that reflects the primary purpose: a Common Security Advisory Framework (CSAF).

TC deliverables are designed to standardize existing practice in structured, machine-readable vulnerability-related advisories and to further refine those standards over time.

https://www.oasis-open.org/committees/csaf


58 MEMBERS IN LESS THAN 3 MONTHS!


http://www.icasi.org/icasi-transfers-development-of-security-open-standard-to-oasis

https://www.oasis-open.org/news/pr/oasis-advances-standard-for-automated-disclosure-of-cybersecurity-vulnerability-issues

ICASI OASIS


CSAF ROADMAP

Nov 2016: CSAF Inaugural Call.

Jan 2017: CVRF 1.2 contributions to support CVSSv3. Launched CSAF Sandbox.

Mar 2017: CVRF 1.2 Release.

Apr 2017: CSAF (aka CVRF 2.0) work starts: SWID Support; Supporting Different Formats (JSON, XML, etc.); Making it Extensible; Other.

Major Revision: The goal is to have a major revision of the standard within 18 months of TC creation.


GITHUB

MODERN ENVIRONMENT

A collaborative environment for the community to propose and develop experimental capabilities in the CSAF specification.

OPEN TO EVERYONE

Major contributions are expected from TC members, but everyone is invited to contribute and provide feedback.

https://github.com/oasis-tcs/csaf


SANDBOX

CSAF SANDBOX

A collaborative environment for the community to propose and develop experimental capabilities in the CSAF specification.

CVRF 1.2 PREVIEW

Including support for CVSSv3.

https://github.com/oasis-tcs/csaf


JIRA

OPEN TO EVERYONE

Follow process of action items and contributions.

ISSUE TRACKING

Tracker for action items (tasks) and issues of OASIS CSAF TC.

https://issues.oasis-open.org/browse/CSAF


Thank you!

Get Involved!